26fbd1adbe
services.bind.cacheNetworks should only apply to recursive queryies, as per the option documentation: > Note that this is for recursive queries – all networks are allowed to > query zones configured with the zones option by default [...]. This would correspond to the `allow-query-cache` option in named.conf, as per the BIND docs[1]: > Specifies which hosts (an IP address list) can access this server’s > cache and thus effectively controls recursion. And not `allow-query`, which restricts all requests (including requests where the server has authority) [2]: > Specifies which hosts (an IP address list) are allowed to send queries > to this resolver. > [...] > Note: > `allow-query-cache` is used to specify access to the cache. [1]: https://bind9.readthedocs.io/en/v9.20.0/reference.html#namedconf-statement-allow-query-cache [2]: https://bind9.readthedocs.io/en/v9.20.0/reference.html#namedconf-statement-allow-query